diff options
-rw-r--r-- | src/basic/rm-rf.c | 9 | ||||
-rw-r--r-- | src/test/test-path-util.c | 34 | ||||
-rw-r--r-- | src/tmpfiles/tmpfiles.c | 11 |
3 files changed, 38 insertions, 16 deletions
diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c index bdaca264ff..ff040e7a55 100644 --- a/src/basic/rm-rf.c +++ b/src/basic/rm-rf.c @@ -182,18 +182,11 @@ int rm_rf(const char *path, RemoveFlags flags) { /* We refuse to clean the root file system with this * call. This is extra paranoia to never cause a really * seriously broken system. */ - if (path_equal(path, "/")) { + if (path_equal_or_files_same(path, "/")) { log_error("Attempted to remove entire root file system, and we can't allow that."); return -EPERM; } - /* Another safe-check. Removing "/path/.." could easily remove entire root as well. - * It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob() - * function expands to both "/path/." and "/path/..". - * Return -EINVAL to be consistent with rmdir("/path/."). */ - if (endswith(path, "/..") || endswith(path, "/../")) - return -EINVAL; - if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) { /* Try to remove as subvolume first */ r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c index 22df20a1eb..ab62d0dad2 100644 --- a/src/test/test-path-util.c +++ b/src/test/test-path-util.c @@ -27,6 +27,7 @@ #include "mount-util.h" #include "path-util.h" #include "rm-rf.h" +#include "stat-util.h" #include "string-util.h" #include "strv.h" #include "util.h" @@ -104,6 +105,38 @@ static void test_path(void) { assert_se(!path_equal_ptr(NULL, "/a")); } +static void test_path_equal_root(void) { + /* Nail down the details of how path_equal("/", ...) works. */ + + assert_se(path_equal("/", "/")); + assert_se(path_equal("/", "//")); + + assert_se(!path_equal("/", "/./")); + assert_se(!path_equal("/", "/../")); + + assert_se(!path_equal("/", "/.../")); + + /* Make sure that files_same works as expected. */ + + assert_se(files_same("/", "/") > 0); + assert_se(files_same("/", "//") > 0); + + assert_se(files_same("/", "/./") > 0); + assert_se(files_same("/", "/../") > 0); + + assert_se(files_same("/", "/.../") == -ENOENT); + + /* The same for path_equal_or_files_same. */ + + assert_se(path_equal_or_files_same("/", "/")); + assert_se(path_equal_or_files_same("/", "//")); + + assert_se(path_equal_or_files_same("/", "/./")); + assert_se(path_equal_or_files_same("/", "/../")); + + assert_se(!path_equal_or_files_same("/", "/.../")); +} + static void test_find_binary(const char *self) { char *p; @@ -551,6 +584,7 @@ int main(int argc, char **argv) { log_open(); test_path(); + test_path_equal_root(); test_find_binary(argv[0]); test_prefixes(); test_path_join(); diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index ed6a9adaa6..36488c9a5c 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -1093,19 +1093,14 @@ static int item_do_children(Item *i, const char *path, action_t action) { static int glob_item(Item *i, action_t action, bool recursive) { _cleanup_globfree_ glob_t g = { - .gl_closedir = (void (*)(void *)) closedir, - .gl_readdir = (struct dirent *(*)(void *)) readdir, .gl_opendir = (void *(*)(const char *)) opendir_nomod, - .gl_lstat = lstat, - .gl_stat = stat, }; int r = 0, k; char **fn; - errno = 0; - k = glob(i->path, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g); - if (k != 0 && k != GLOB_NOMATCH) - return log_error_errno(errno ?: EIO, "glob(%s) failed: %m", i->path); + k = safe_glob(i->path, GLOB_NOSORT|GLOB_BRACE, &g); + if (k < 0 && k != -ENOENT) + return log_error_errno(k, "glob(%s) failed: %m", i->path); STRV_FOREACH(fn, g.gl_pathv) { k = action(i, *fn); |